As the investigation into Equifax data breach grows, here's what you need to do

State attorneys general throughout the country are investigating one of the largest data breaches in the country, one that financial experts believe will leave millions of Americans at risk of identify theft for the rest of their lives.

Equifax, a credit monitoring company, said Thursday the breach of its system may have exposed the Social Security numbers, birthdays, addresses, driver's licenses and phone numbers of 143 million consumers. Illinois Attorney General Lisa Madigan on Friday began an investigation into the breach.

With Social Security numbers and the personal data of many consumers in the hands of those who hacked into Equifax, Madigan predicted Friday that states will work together to hold Equifax responsible.

"This is everything, a treasure trove of a person's identity," she said.

Madigan likened the coordinated effort to other major consumer cases in which numerous states joined lawsuits. Among them: the tobacco industry health suit of the 1990s, mortgage servicing issues connected with the housing crisis, and the Volkswagen emissions scandal.

Although massive breaches of consumer data have become commonplace during the last few years, the Equifax situation is different from the other large breaches that have hit Target and Yahoo.

Equifax "is the most troubling because of the sheer size and the type of data stolen," Madigan said.

Consumers can determine if their data was exposed by checking with Equifax at www.equifaxsecurity2017.com. With almost half of Americans vulnerable due to the Equifax data breach, financial experts say consumers must be on guard now and in the future to make sure their financial lives aren't ruined.

Equifax has offered to give people a year of free credit monitoring, but that falls far short of what most consumers need to protect themselves, said Adam Levin, founder and chairman of the identity protection firm CyberScout and author of the book "Swiped."

"Your Social Security number is an eternal thing," he said. Consumers have their Social Security numbers for life, they are virtually impossible to change, and they are the access point to each person's identity. The Social Security numbers that children hold are also at risk.

Even if an individual's accounts appear fine now, thieves who obtain Social Security numbers could impersonate consumers any time in the coming years, Levin noted.

As a result, those who had their personal data exposed need to be on the lookout for anything unusual involving their financial activities, including bank and credit card accounts, bills and insurance claims.

Madigan said she will be asking Equifax to waive the fees people are charged when they try to protect themselves.

Currently, Equifax and the two other credit bureaus, Experian and TransUnion, charge people a $10 fee if consumers put what's known as "a freeze" on their credit reports. The freeze keeps credit bureaus from releasing credit reports to anyone, a move that prevents identity thieves from opening lines of credit using the names of consumers who have had their Social Security numbers stolen.

Freezes have become essential for everyone as a preventive measure because massive thefts of private data are widespread and likely to continue.

Michael Litt, consumer advocate with U.S. PIRG, a nonprofit advocacy group, noted that people hear more about credit monitoring than freezes because monitoring has become a big business. But monitoring only spots problems after they've already occurred and disrupted a person's financial life, while the freeze is protective at the outset, he said.

One way consumers can determine if accounts have been fraudulently opened in their name is to check their annual credit report, which allows for an examination of the records kept on individuals by each of the three credit bureaus. These reports can be obtained at www.annualcreditreport.com.

Equifax, Experian and TransUnion must provide individuals with a free copy of their credit report, at their request, once every 12 months. Experts recommend spacing out those requests over the year, perhaps by making one of each credit bureau each quarter. In doing so, you are checking your credit records every three or four months, meaning you are more likely to quickly spot new fraudulent accounts or charges.

There are a number of other steps that consumers who may have had their data exposed in the Equifax breach, or in any other breach, should take to safeguard their information:

•Check credit card and banking activity at least once a week. The sooner you detect a problem, the more chance you will have to stop it. Also, set up alerts on your bank and card websites so that whenever your account is used — either by you or by a thief — you are notified by email.

•Monitor medical bills and insurance information to make sure someone isn't getting care by impersonating you. If they are, you may be vulnerable in more ways than simply money. Your medical records could end up with someone else's blood type, for example, which could put you in a dangerous situation, Levin said.

•When using websites, use two-factor authentication when you log on. When you are asked to set up security questions, lie for the answers, so that someone who knows something about you from social media won't get the answers right.

•If you use credit monitoring services, which are provided by credit bureaus and companies such as LifeLock, make sure you get the highest level of protection, one that alerts you immediately if someone uses your Social Security number to open an account, Levin said.

•If you get a notice from the IRS stating that you didn't pay enough taxes, don't ignore it, Levin said. It's possible that someone has used your Social Security number to get a job, which means the taxes you are paying based on your own employment will look deficient. On the other hand, realize that the IRS does not call people and ask for personal information over the phone. So if you get a call from someone saying they are from the IRS, hang up.

gmarksjarvis@chicagotribune.com

Twitter @gailmarksjarvis

Copyright © 2017, CT Now
53°